On a Mac with a two-stage boot architecture, the Low Level Bootloader (LLB) contains the code that’s invoked by the Boot ROM and that in turn loads iBoot, as part of the secure boot chain.
Part of the encryption key hierarchy. The media key helps ensure quick, secure data wiping of Apple devices. On iPhone, iPad, Apple TV, and Apple Watch, it does this by wrapping the metadata on the data volume. Without the media key, file keys are locked away, making files protected with Data Protection inaccessible. On Mac, the media key wraps key material, all metadata, and FileVault data. In both cases, wiping the media key blocks access to encrypted data.
The subsystem in a system on a chip that controls the interface between the system on a chip and its main memory.
A service that lets an administrator remotely manage enrolled devices. After a device is enrolled, the administrator can use the MDM service over the network to configure settings and perform other tasks on the device without user interaction.
Nonvolatile flash memory.
The encryption key derived from the entangling of the user password with the long-term SKP key and the UID of the Secure Enclave.
The key used by Data Protection to encrypt a file on the file system. The per-file key is wrapped by a class key and is stored in the file’s metadata.
A property list (.plist file) signed by Apple that contains a set of entities and entitlements allowing apps to be installed and tested on an iOS or iPadOS device. A development provisioning profile lists the devices that a developer has chosen for ad hoc distribution, and a distribution provisioning profile contains the app ID of an enterprise-developed app.
A mode used to restore many Apple devices when a computer doesn’t recognize the user’s device, so that the user can reinstall the operating system.
A mathematical representation of the direction and width of the ridges extracted from a portion of a fingerprint.
A technology in Data Protection that protects, or seals, encryption keys with measurements of system software and keys available only in hardware (such as the UID of the Secure Enclave).
A chip designed with immutable RO code, a hardware random number generator, cryptography engines, and physical tamper detection. On supported devices, the Secure Enclave is paired with a Secure Storage Component for anti-replay value storage. To read and update anti-replay values, the Secure Enclave and storage chip employ a secure protocol that helps ensure exclusive access to the anti-replay values. There are multiple generations of this technology with differing security guarantees.
The Secure Enclave firmware, based on an Apple-customized version of the L4 microkernel.
Dedicated bits in the Secure Enclave AES Engine that get appended to the UID when generating keys from the UID. Each software seed bit has a corresponding lock bit. The Secure Enclave Boot ROM and operating system can independently change the value of each software seed bit as long as the corresponding lock bit hasn’t been set. After the lock bit is set, neither the software seed bit nor the lock bit can be modified. The software seed bits and their locks are reset when the Secure Enclave reboots.
A hardware subsystem that manages the storage media (solid-state drive).
A mechanism Apple uses to prevent modification of coprocessor firmware.
An integrated circuit (IC) that incorporates multiple components into a single chip. The Application Processor, the Secure Enclave, and other coprocessors are components of the SoC.
A process that combines cryptographic keys built into hardware with an online service to check that only legitimate software from Apple, appropriate to supported devices, is supplied and installed at upgrade time.
The process by which a user’s passcode is turned into a cryptographic key and strengthened with the device’s UID. This process helps ensure that a brute-force attack must be performed on a given device, and thus is rate limited and can’t be performed in parallel. The tangling algorithm is PBKDF2, which uses AES keyed with the device UID as the pseudorandom function (PRF) for each iteration.
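Two of the entries above are mechanisms rather than definitions: tangling (PBKDF2 whose PRF is AES keyed with the UID) and the software seed bits that get appended to the UID during key generation and can be frozen with lock bits. The following is an added example, not Apple's code, that models both. Its `uidPRF` is an assumption: a CBC-MAC over a length-prefixed, zero-padded message under the 256-bit UID, since the page does not specify the exact AES-based PRF construction; the UID itself is a constructed stand-in (a real one is never readable). `tangle` is RFC 8018 PBKDF2 with that PRF, and `seedBits` models the seed/lock rules with an assumed width of eight bits and the usage pattern shown in `main` (early boot derives a key under one seed setting, then changes and locks the bit) is an illustration, not something the glossary states.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

const blockSize = 16

// uidPRF models "AES keyed with the device UID": CBC-MAC over a length-prefixed,
// zero-padded message under the 32-byte UID (AES-256). Assumed construction.
func uidPRF(uid, data []byte) []byte {
	blk, err := aes.NewCipher(uid)
	if err != nil {
		panic(err)
	}
	msg := make([]byte, 8, 8+len(data)+blockSize)
	binary.BigEndian.PutUint64(msg, uint64(len(data)))
	msg = append(msg, data...)
	if rem := len(msg) % blockSize; rem != 0 {
		msg = append(msg, make([]byte, blockSize-rem)...)
	}
	out := make([]byte, len(msg))
	cipher.NewCBCEncrypter(blk, make([]byte, blockSize)).CryptBlocks(out, msg)
	return out[len(out)-blockSize:]
}

// tangle is PBKDF2 (RFC 8018 5.2) with uidPRF as the PRF. The passcode is data to
// the PRF, not its key: every iteration needs the UID, so a brute-force attempt
// has to run on the device that holds it and cannot be farmed out in parallel.
func tangle(uid, passcode, salt []byte, iterations, keyLen int) []byte {
	prf := func(data []byte) []byte {
		return uidPRF(uid, append(append([]byte{}, passcode...), data...))
	}
	var out []byte
	for i := 1; len(out) < keyLen; i++ {
		idx := make([]byte, 4)
		binary.BigEndian.PutUint32(idx, uint32(i))
		u := prf(append(append([]byte{}, salt...), idx...)) // U_1 = PRF(P, S || INT(i))
		t := append([]byte{}, u...)
		for c := 1; c < iterations; c++ { // U_c = PRF(P, U_{c-1}); T_i = XOR of all U_c
			u = prf(u)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// seedBits models software seed bits and their lock bits (assumed width: 8 bits).
// A fresh value represents the state after a Secure Enclave reboot: all unlocked.
type seedBits struct{ seed, locked uint8 }

// set changes seed bit i unless its lock bit has been set.
func (s *seedBits) set(i uint, v bool) error {
	if s.locked&(1<<i) != 0 {
		return fmt.Errorf("seed bit %d is locked until Secure Enclave reboot", i)
	}
	if v {
		s.seed |= 1 << i
	} else {
		s.seed &^= 1 << i
	}
	return nil
}

// lockBit freezes seed bit i; neither the bit nor its lock changes until reboot.
func (s *seedBits) lockBit(i uint) { s.locked |= 1 << i }

// deriveKey appends the seed bits to the UID-keyed derivation, so a key made under
// one seed setting is out of reach once that setting can no longer be selected.
func (s *seedBits) deriveKey(uid []byte, label string) []byte {
	return uidPRF(uid, append([]byte{s.seed}, label...))
}

func main() {
	uid := bytes.Repeat([]byte{0x5A}, 32) // constructed stand-in for the fused UID
	k := tangle(uid, []byte("1234"), []byte("per-device-salt"), 10000, 32)
	fmt.Println("passcode-derived key:", hex.EncodeToString(k))

	sb := &seedBits{} // fresh after Secure Enclave reset
	sb.set(0, true)
	early := sb.deriveKey(uid, "boot-stage-key")
	sb.set(0, false)
	sb.lockBit(0)
	fmt.Println("later software may set bit 0:", sb.set(0, true) == nil)                 // false
	fmt.Println("later software recovers boot-stage key:", bytes.Equal(early, sb.deriveKey(uid, "boot-stage-key"))) // false
}
```

Read `tangle` against the glossary wording: the iteration count is what gives the rate limit, and keying the PRF with the UID rather than with the passcode is what pins the whole computation to one chip. The `seedBits` half shows why the lock bits matter: after early boot clears and locks bit 0, later software can still call `deriveKey`, but it can only ever derive keys under the seed setting it is stuck with, and the value reset on reboot means the early stage gets the bit back only when it runs again.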
A replacement technology for BIOS to connect firmware to a computer’s operating system.
A string of characters that identifies a web-based resource.
A 256-bit AES key that’s burned into each processor at manufacture. It can’t be read by firmware or software, and it’s used only by the processor’s hardware AES Engine. To obtain the actual key, an attacker would have to mount a highly sophisticated and expensive physical attack against the processor’s silicon. The UID isn’t related to any other identifier on the device including, but not limited to, the UDID.
An abbreviation for eXtended Anti-Replay Technology. A set of services that provide encrypted, authenticated persistent storage for the Secure Enclave with anti-replay capabilities based on the physical storage architecture. See Secure Storage Component.
On devices with macOS, an antivirus technology for the signature-based detection and removal of malware.
The kernel at the heart of the Apple operating systems. It’s assumed to be trusted, and it enforces security measures such as code signing, sandboxing, entitlement checking, and Address Space Layout Randomization (ASLR).